-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Need help for configuration Clients -> Router -> (wireguard) -> Remote RoonCore #109
Comments
Are you running Edit: I should say I've never personally tried this and so I can't say certain that it will work. My understanding of the Roon Discovery protocol is not perfect, but I believe it to be possible. |
Yes I am. On the remote server with the following parameters: --interface eth0,wg0 --port 9003 --no-listen |
can you capture traffic on the remote end as well? Also please provide the output of |
Sure. Interfaces on remote server: Interface: eth0 Interface: wg0 Interface: lo Interfaces on the router: Interface: re0 Interface: pppoe0 Interface: wg1 Interface: lo0 pcap files captured on the remote server: |
Hmmm... I think I see the problem. Gonna need to figure out how I can reproduce this locally and figure out a fix. |
Sure, let me know if you need me to do further testing. |
so I don't have OPNsense, but I do have PFSense which is similar-ish AFAIK. I'd expect the Wireguard implementation at least to be the same... but it's not. Your Wireguard interfaces are point-to-point. And I believe that is the cause of the errors in the logs:
You're probably going to see a different set of flags than I do for my Wireguard interface:
Note that the |
Mmm could you please be more clear about "Your Wireguard interfaces are point-to-point."? In the specific 10.200.200.1 (Server) - 10.200.200.12 (router) "subsection" it acts as a site-to-multisite, where are the natted clients behind the router can talk to the 10.200.200.1 server. In fact, the generated wg1.conf file from OPNSense is as follows:
With udp-proxy-2020 enabled my ifconfig is the same as yours. If by point-to-point you mean the interface flag it's not the case.
When I stop the udp-proxy-2020 server the interface loses the PROMISC flag like it's expected to. |
the interface on the remote server:
|
Mmm I'm missing something.. The udp-proxy-2020 on my router, which has those logged error messages (Address family not supported by protocol family) and whose interface (wg1) does not have the pointopoint flag is not able route the broadcast packets on the tunnel because the remote interface (on the remote server with linux) has the wg0 interface with the pointopoint flag? As far as I know, in linux, wireguard always creates the wg0 interface with the POINTOPOINT flag. Please correct me if I'm wrong. |
So the log is saying:
But the pcap actually shows all the packets from re0 being sent on wg1 on your OPNSense box. Just not seeing any replies from your Linux server on the remote end over the VPN tunnel. The If you use the Also, on the remote/linux box can you run |
Sure:
PCAP files from the remote linux server: |
Traffic for 192.168.0.0/24 is egressing |
It looks fine to me. Eth0 (the 192.168.0.0 subnet) is the WAN interface. The traffic TO the linux server wireguard lxc THROUGH the vpn tunnel is then forwarded to the wan interface so that if a wireguard client has setup as allowed IP 0.0.0.0/0 it will still have internet connection through the tunnel. This is the wg0.conf on the lxc container on the remote linux server (only the interface section, then there are all the peers one of which is my opnsense router 10.200.200.12)
(Postup and postdown iptables rules are not complete since I'm from mobile and I cannot copy the whole line from the wg0.conf file) |
oh, sorry... saw the private IP space and didn't bother to verify they match what is across the VPN. Doesn't seem like Roon is seeing the packets arriving on a software tunnel interface like So first, try restarting Roon on the Linux box. Maybe Roon needs to start after the tunnel is up?? If that doesn't work, on the linux side, can you add |
Honestly, the more I think about this there is a problem I'm not sure how to resolve without you setting a 2nd LXC container and moving Roon to that (away from udp-proxy-2020 and wireguard). Basically the way |
This seems more than reasonable. Those two LXC will communicate throught the internal LAN (192.168.x.x). I'll keep you updated |
FYI, I think I just figured how to inject UDP frames locally and forge the source IP... only it's not cross platform and has to be different on Linux vs. *BSD. So yeah, I think I can make this work, only it's a bit of work. No promises right now when I'll find time, but kinda motivated to make this work so maybe "soon"... at least relative to the heat death of the universe. :D |
So I tried as you said: LXC Container Wireguard+udp-proxy-2020
udp-proxy-2020 config
LXC Container with Roon
Now let's leave alone for a moment the connection with my opnsense router, I tried connecting my smartphone with 4G network + Wireguard (which has always been working) -> Cannot even see the Roon server anymore LXC Wireguard + udp-proxy-2020 log (partial) - Smartphone wireguard IP 10.200.200.2 :
Multicast packets tested with iperf between 192.168.0.50 and 192.168.0.51 (the two LXC containers) working without any problem. Am I missing something very stupid? |
I'd have to look at the pcaps. Also, it would be very helpful to get a pcap and output of
edited to add |
Well I figured out a way to get packets delivered locally if you install Roon on the same server as udp-proxy-2020: you'll need to use the new That said, I'm not sure why Roon didn't see packets on the tunnel interface naturally? Roon should be listening on all interfaces (
|
Hey here I am, Pcap from the two LXC setup Then I switch in a single LXC setup (like before) and used your new binary, without success:
|
So the The Fatal error is interesting... can you run |
You're right, my bad. Please have some patience, to test this I need to revert back to the 2 lxc configuration.
My bad X2. I didn't update the service file to use the new binary. Now Roon is finally reachable, although players connected to my router are not visible. If I directly connect a single device with Wireguard (ex. smartphone in 4g + wireguard) then it is seen as an output device. |
No worries... this is complicated. You've been doing better than most honestly :) |
Tell me if the log file with the debug argument is needed! |
So all the pcaps in the latest zip file (single LCX) are empty. Probably need to restart the Roon client(s) to re-initiate discovery? As for the Anyways, there seems to be two different potential solutions:
I think we're both getting a little confused with this, so I'd suggest doing whichever option easiest for you. I don't really care and in theory both should work. |
You're right it's better to focus on one single setup to better debug the problem and avoid confusion. I've tried multiple times (reconnect clients, reboot the lxc and so on) but the pcap files with the new version remain empty. This is the log file with the debug argument. As you can see udp-proxy-2020 learns the existence of my router. The binary was started with the following arguments:
This is the actual ifconfig of the container:
As always I can reach the server with every client but: |
I think this binary should fix the pcap generation. udp-proxy-2020-0.1.0-linux-amd64.zip That said, when you're doing the test from the home router, it would be useful to grab the pcaps from that host as well. |
Here I am, sorry for the late reply. The binary you linked still produces empty pcap files. Nonetherless here you are the log (debug level) from both the router and the LXC with included the pcap files from the router instance |
So I see some Additionally, it occurs to me you might have better luck with |
any luck @simonefil ? |
Hi, sorry for the absence. I was on holiday, from tomorrow I'll be available for more test. |
The evidence you've provided so far indicates that the Roon Core is not replying to messages sent by your router at home. Hence that's where I've been focused. |
Mmm to corroborate that I did two different tests this time. 1st test: PCAP + log of both sides: 2nd test: PCAP+ log of LXC: Results: P.s. If you don't mind, thanks to your patience I'd like to make a donation. Would you give me your PP address? |
busy with work right now, but donations go here: https://github.com/synfinatic/udp-proxy-2020#how-can-i-say-thanks |
Hi,
I had running udp-proxy-2020 for ages with the following setup:
RoonCore (remote server in a datacenter) -> Wireguard -> Client
udp-proxy-2020 installed on the remote server with the following parameters: --interface eth0,wg0 --port 9003 --no-listen
Now, I've changed my configuration because when I'm at home I don't want to have to switch on wireguard on every single client, so with a OPNSense router I achieved the following configuration:
RoonCore (remote server) -> Wireguard -> Home OPNsense router -> Clients. With wireguard installed on the router.
With this setup I can access my Roon library but device audio endpoints are not discovered. Every client can ping the remote server without any issue.
So I tried to configure udp-proxy-2020 on the router too with the following parameters: --interface re0,wg1 --fixed-ip [email protected] --port 9003 where re0 is the lan interface, without any success. I can' t still see any audio endpoint.
Here the pcap files and the udp-proxy-2020 log on the router
udp-proxy-2020.log
pcap.zip
I'm not that good at networking so I might be missing something very stupid.
May I ask you for some help?
Thanks,
Simone
The text was updated successfully, but these errors were encountered: